This is the continuation of the my earlier post
Since yesterday I have been trying to implement the facebook credits following the official tutorials. May be my noobness or the inadequate information I faced lot of problem which I have resolved one by one and I have arrived to the final step (hopefully)
I guess there is something to do with order_info which I am not sure
I have created a basic page based on the tutorial given here. This page has a simple button. Upon clicking on it calls the placeOrder() function which is almost copy paste code given in the tutorial.
Now, I get this error message
The callback.php is also implemented and seems like FB has pinged the callback.php. But the problem seems to be that the signed_request is not as expected.
I got this error message from the apache log
[Fri Mar 09 11:17:20 2012] [error] [client 66.220.146.244] Unknown algorithm. Expected HMAC-SHA256 but got data dump:
Note: (but got data dump are the extra debug variables which I have added to find what is coming the $data['algorithm'] and $data entirely
I have implemented code to dump the signed_request variable in the db for further debugging and from debugging I have debugged and traced
Here is the complete code of callback.php
<?php
//based on https://developers.facebook.com/docs/credits/callback/
include_once 'Config.php';
mysql_connect('myhost','usr','zzz');
mysql_select_db("mydb");
//dump the request into the db
$request = join(':', $_REQUEST);
$request = mysql_real_escape_string($request);
$query = "insert into fbcredits_callback(data)values('$request')";
$result = mysql_query($query);
$fb_signed_req = $_REQUEST['signed_request'];
echo parse_signed_request($signed_request, Config::$appSecret);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256 but got '.$data['algorithm'].'data dump:'.join(':',$data));
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
The above error message is generated at this line
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256 but got '.$data['algorithm'].'data dump:'.join(':',$data));
return null;
}
Update: I debugged the output step by step, at below step $data returns null
$data = json_decode(base64_url_decode($payload), true);
Which means the decoding is not happening properly. Can some one tell me what is going wrong here?
Complete code of buy.php
<?php
include_once 'Config.php';
include_once 'fb-sdk/facebook.php';
?>
<html>
<head>
<title>My Facebook Credits Page</title>
</head>
<body>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({
appId : '<?php echo Config::$appId?>',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : false, // parse XFBML
channelUrl : 'http://199.192.xxx.yyy/buy.php', // channel.html file
oauth : true // enable OAuth 2.0
});
var callback = function(data) {
if (data['order_id']) {
alert('called back');
return true;
} else {
//handle errors here
alert('some error');
return false;
}
};
function placeOrder(){
alert('in placeOrder()');
var order_info = {
item_code: "someItemCode",
user_id: "1313213131"
};
alert('creating obj');
var obj = {
method: 'pay',
order_info: order_info,
action: 'buy_item',
dev_purchase_params: {'oscif': true},
app_id: '<?php echo Config::$appId?>'
};
alert('calling ui');
FB.ui(obj, callback);
}
</script>
<input type="button" value="post" onclick="postFeed()" />
<input type="button" value="Buy" onclick="placeOrder()" />
</body>
</html>
Additional info:
- My webserver has SSL support (installed test certificate from verizon)
- Sandbox mode enabled (tried disabling also)